Field of the Invention
The present invention relates to an electronic apparatus having a security function and a method of controlling the same.
Description of the Related Art
When an apparatus having a second security function of higher security level than a first security function is attached to a printing apparatus which is executing the first security function, interference occurs between the security functions, and therefore, the first security function currently under execution needs to be stopped.
For example, the ATA (Advanced Technology Attachment) standard supported by a hard disk drive defines a security command group. This standard includes a security function using a password as the standard function of a hard disk drive. When the security function (password function) using a password of the hard disk drive is enabled, access to the data area of the hard disk drive is not permitted unless an appropriate password is sent to the hard disk drive. In addition, when powered off and then on in a state in which access to the hard disk drive is permitted, the hard disk drive is activated while enabling the password function again.
Another security function is an encryption method of encrypting data to be written in the hard disk drive. In the above-described password function, data stored in the data area is a plaintext (unencrypted). For this reason, the security may be broken by stealing the password or directly reading the disk in the hard disk drive. On the other hand, adopting the encryption method makes it possible to prevent internal information from being read even if the hard disk drive is stolen. Hence, when the password method and the encryption method are compared, the security level is higher in the latter.
A case will be explained here in which an optional encryption device for encrypting data to be stored in a hard disk drive is attached to a printing apparatus which is executing the password function. As described above, the security level of the encryption method is higher than that of the password function. Hence, executing the password function in the printing apparatus that executes encryption makes no sense and only increases the cumbersomeness in control. Hence, in general, the encryption device itself does not support the security command group of the ATA standard of lower security level.
As described above, when attaching the encryption device of higher security level to the printing apparatus which is executing the password function, interference occurs between the security functions. Hence, to attach the encryption device to the printing apparatus, it is necessary to temporarily power off the printing apparatus. Access to the hard disk drive having the enabled password function is permitted only if a password setting command or a password cancellation command is sent to the hard disk drive at the time of activation from the power-off state. However, the encryption device does not support the security command group, as described above. For this reason, the password function cannot be canceled by sending a command concerning a password to the hard disk drive through the encryption device attached to the printing apparatus. Hence, when attaching the encryption device to the printing apparatus which is executing the password function, it is necessary to first disable the password function of the printing apparatus and then attach the encryption device.
The password function disable processing is manually performed by a user or a serviceman, who operates the operation panel of the printing apparatus at the time of encryption device attachment. In this case, security holes may be generated due to a human error or a fault in the attached encryption device. For example, assume a case in which when attaching encryption devices to a plurality of printing apparatuses, the password function disable processing is performed simultaneously for the plurality of printing apparatuses. In this case, if the encryption devices are attached after the password function disable processing, attachment may be forgotten for some of the printing apparatuses. In addition, the printing apparatus may be left to stand without setting the encryption function in the enabled state due to a fault in the attached encryption device. In either case, the printing apparatus may remain in a security disabled state for a long time.
Under the above-described circumstances, a security management method of an information device configured to connect an internal terminal to an external network has been proposed to eliminate security holes (for example, Japanese Patent Laid-Open No. 2004-40155). In Japanese Patent Laid-Open No. 2004-40155, when doing settings for an information device on a network, the security function of the information device is canceled at a time scheduled in advance. At the expected end time or after the setting, a security management module held in the information device returns the original security function to the enabled state.
However, the method of Japanese Patent Laid-Open No. 2004-40155 provides a technique of returning the temporarily canceled security function to the original enabled state at an expected end time or after setting and cannot be applied to completely disable the original security function. Furthermore, in addition to the expected end time or the end of attachment/setting, the power on/off state and the number of times of power-on/off may be important when attaching an optional device such as an encryption device. However, the method described in Japanese Patent Laid-Open No. 2004-40155 cannot cope with this case.